[17233] in bugtraq
Re: another Xlib buffer overflow
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Mon Oct 16 14:04:09 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <200010161201.e9GC1jk00908@cwsys.cwsent.com>
Date: Mon, 16 Oct 2000 05:01:34 -0700
Reply-To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
X-To: matthieu@laas.fr
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Fri, 13 Oct 2000 23:37:01 +0200."
<14823.32893.941728.85487@laas.fr>
In message <14823.32893.941728.85487@laas.fr>, Matthieu Herrb writes:
> You wrote (in your message from Friday 13)
> >
> > Vulnerable object: XFree 3.3.x Xlib (no data on 4.0.x); no mention of fix
> > in "security issues" page at www.xfree86.org.
> >
>
> It was fixed in XFree86 4.0. From the CHANGELOG:
>
> XFree86 3.9Nu (13 January 1999)
> [...]
> 2141. Fix some sun_path overflows in xtrans.
It doesn't appear to be fixed in 3.3.6:
cwsys$ DISPLAY=:`perl -e '{print "0"x128}'` xterm
Segmentation fault
cwsys$
Exploit anyone?
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
